Special Report – Inside the UAE’s secret hacking team of U.S. mercenaries

Two weeks after leaving her position as an intelligence analyst for the U.S. National Security Agency in 2014, Lori Stroud was in the Middle East working as a hacker for an Arab monarchy.

She had joined Project Raven, a clandestine team that included more than a dozen former U.S. intelligence operatives recruited to help the United Arab Emirates engage in surveillance of other governments, militants and human rights activists critical of the monarchy.

Stroud and her team, working from a converted mansion in Abu Dhabi known internally as “the Villa,” would use methods learnt from a decade in the U.S. intelligence community to help the UAE hack into the phones and computers of its enemies.

Stroud had been recruited by a Maryland cybersecurity contractor to help the Emiratis launch hacking operations, and for three years, she thrived in the job. But in 2016, the Emiratis moved Project Raven to a UAE cybersecurity firm named DarkMatter. Before long, Stroud and other Americans involved in the effort say they saw the mission cross a red line: targeting fellow Americans for surveillance.

“I am working for a foreign intelligence agency who is targeting U.S. persons,” she told Reuters. “I am officially the bad kind of spy.”

The story of Project Raven reveals how former U.S. government hackers have employed state-of-the-art cyber-espionage tools on behalf of a foreign intelligence service that spies on human rights activists, journalists and political rivals.

The operatives utilized an arsenal of cyber tools, including a cutting-edge espionage platform known as Karma, in which Raven operatives say they hacked into the iPhones of hundreds of activists, political leaders and suspected terrorists. Details of the Karma hack were described in a separate Reuters article today.

An NSA spokesman declined to comment on Raven. An Apple spokeswoman declined to comment. A spokeswoman for UAE’s Ministry of Foreign Affairs declined to comment. The UAE’s Embassy in Washington and a spokesman for its National Media Council did not respond to requests for comment.

The Raven story also provides new insight into the role former American cyberspies play in foreign hacking operations. Within the U.S. intelligence community, leaving to work as an operative for another country is seen by some as a betrayal. “There’s a moral obligation if you’re a former intelligence officer from becoming effectively a mercenary for a foreign government,” said Bob Anderson, who served as executive assistant director of the Federal Bureau of Investigation until 2015.

While this activity raises ethical dilemmas, U.S. national security lawyers say the laws guiding what American intelligence contractors can do abroad are murky. Though it’s illegal to share classified information, there is no specific law that bars contractors from sharing more general spycraft knowhow, such as how to bait a target with a virus-laden email.

The rules, however, are clear on hacking U.S. networks or stealing the communications of Americans. “It would be very illegal,” said Rhea Siers, former NSA deputy assistant director for policy.

Read the complete article on Reuters here.

Genome Hackers Show No One’s DNA Is Anonymous Anymore

In 2013, a young computational biologist named Yaniv Erlich shocked the research world by showing it was possible to unmask the identities of people listed in anonymous genetic databases using only an Internet connection. Policymakers responded by restricting access to pools of anonymized biomedical genetic data. An NIH official said at the time, “The chances of this happening for most people are small, but they’re not zero.”

Fast-forward five years and the amount of DNA information housed in digital data stores has exploded, with no signs of slowing down. Consumer companies like 23andMe and Ancestry have so far created genetic profiles for more than 12 million people, according to recent industry estimates. Customers who download their own information can then choose to add it to public genealogy websites like GEDmatch, which gained national notoriety earlier this year for its role in leading police to a suspect in the Golden State Killer case.

Those interlocking family trees, connecting people through bits of DNA, have now grown so big that they can be used to find more than half the US population. In fact, according to new research led by Erlich, published today in Science, more than 60 percent of Americans with European ancestry can be identified through their DNA using open genetic genealogy databases, regardless of whether they’ve ever sent in a spit kit.

“The takeaway is it doesn’t matter if you’ve been tested or not tested,” says Erlich, who is now the chief science officer at MyHeritage, the third largest consumer genetic provider behind 23andMe and Ancestry. “You can be identified because the databases already cover such large fractions of the US, at least for European ancestry.”

To make these estimates, Erlich and his collaborators at Columbia University and the Hebrew University of Jerusalem analyzed MyHeritage’s dataset of 1.28 million anonymous individuals, which is, like most of the world’s genetic databases, overwhelmingly white. Considering each one of those individuals as a human “target,” they counted the number of relatives with big chunks of matching DNA and found that 60 percent of searches turned up a third cousin or closer. That level of relatedness was all investigators needed to track down the Golden State Killer, and the 17 other cases that have so far been solved with this approach—known to law enforcement as long-range familial searching. To validate their findings, Erlich’s team plugged 30 genetic profiles into GEDmatch and saw similar results, with 76 percent of searches netting relatives in the 3rd cousin or closer range.

Read the complete article in Wired here.

Russian agents hacked US voting system manufacturer before US election – report

The NSA is convinced that the Russian General Staff Main Intelligence Directorate was responsible for interfering in the 2016 presidential election. Photograph: Larry W. Smith/EPA

Russian intelligence agents hacked a US voting systems manufacturer in the weeks leading up to last year’s presidential election, according to the Intercept, citing what it said was a highly classified National Security Agency (NSA) report.

The revelation coincided with the arrest of Reality Leigh Winner, 25, a federal contractor from Augusta, Georgia, who was charged with removing classified material from a government facility and mailing it to a news outlet.

The hacking of senior Democrats’ email accounts during the campaign has been well chronicled, but vote-counting was thought to have been unaffected, despite concerted Russian efforts to penetrate it.

Russian military intelligence carried out a cyber-attack on at least one US voting software supplier and sent spear-phishing emails to more than a hundred local election officials days before the poll, the Intercept reported on Monday.

The website, which specialises in national security issues, said the NSA document had been provided to it anonymously and independently authenticated. “The report, dated May 5, 2017, is the most detailed US government account of Russian interference in the election that has yet come to light,” it continued.

On Monday afternoon, the justice department said Winner had been arrested by the FBI at her home on Saturday and appeared in federal court in Augusta on Monday. She is a contractor with Pluribus International Corporation, assigned to a US government agency facility in Georgia, it added. She has been employed at the facility since on or about 13 February and held a top-secret clearance during that time.

Winner’s mother, Billie Winner-Davis, told the Guardian that her daughter was a former linguist in the US air force who spoke Farsi, Pashto and Dari.

“I never thought this would be something she would do,” said Winner-Davis. “She’s expressed to me that she’s not a fan of Trump, but she’s not someone that goes and riots and pickets or stuff.”

The NSA report makes clear that, despite recent denials by the Russian president, Vladimir Putin, the NSA is convinced that the Russian General Staff Main Intelligence Directorate (GRU) was responsible for interfering in the 2016 presidential election.

The document reportedly states: “Russian General Staff Main Intelligence Directorate actors … executed cyber espionage operations against a named U.S. company in August 2016, evidently to obtain information on elections-related software and hardware solutions. … The actors likely used data obtained from that operation to … launch a voter registration-themed spear-phishing campaign targeting U.S. local government organizations.”

The intelligence assessment acknowledges that there is still a great deal of uncertainty over how successful the Russian operatives were and does not reach a conclusion about whether it affected the outcome of the election, in which Donald Trump’s victory over Hillary Clinton hinged on three closely contested states.

But the suggestion that Russian hackers may have gained at least a foothold in electronic voting systems is likely to add even more pressure to special counsel and congressional investigations. The Obama administration maintained that it took preventive measures to successfully guard against breaches of the systems in all 50 states.

The former FBI director James Comey is set to testify before the Senate intelligence committee on Thursday regarding Russian meddling in the election.

Read the complete article on The Guardian newspaper web site.

China, hacking, fact, opinion

Lately there has been an upsurge of media reports concerning hacking said to be originating in China by APT1 – according to statements by Mandiant – which are mostly opinion and not fully supported facts.

I’ve always been leery of reports based upon allegations, especially those with little substantiation, and written to project an aura of authority and thus truth.

Thinkst wrote a piece about the Mandiant report and APT1. Please take a moment to read it here.

About Thinkst: Thinkst was founded to respond to the simple (but often repeated) call in infosec today: “We are not winning against X”. Despite billions being spent worldwide, we are often not much better than we were 10 years ago. This process is not tenable.

Thinkst exists to work on difficult problems and to solve them.

With a decade of history in well published applied research and a strong network of partners, thinkst aims at turning the current tide, because we strongly agree with Voltaire when he said:

“No problem can withstand the assault of sustained thinking!”

Bizarre hacking case involving cyber riddles and a cat

Japanese police have arrested a man suspected of being behind a computer hacking campaign following an exhaustive hunt that at one stage had authorities tracking down a cat for clues, reports said.

Yusuke Katayama, 30, was arrested on Sunday on charges of using a remote computer and sending a mass killing threat to a comic book event after months of evading investigators with a series of vexing cyber riddles, according to NHK.

After cracking a set of riddles, police found the cat and removed a digital memory card from its collar which revealed a message saying “a past experience in a criminal case” had caused the hacker to act.

Full story at this link.

The HBGary story from RSA 2011

RSA 2011: Winning the War But Losing Our Soul.

That is the title of the article from threatpost. Here is a bit of the story.

What’s more disturbing is the way that the folks at HBGary – mostly Aaron Barr, but others as well – came to view the infowar tactics they were pitching to the military and its contractors as applicable in the civilian context, as well. How effortlessly and seamlessly the focus on “advanced persistent threats” shifted from government backed hackers in China and Russia to encompass political foes like ThinkProgress or the columnist Glenn Greenwald. Anonymous may have committed crimes that demand punishment – but it’s up to the FBI to handle that, not “a large U.S. bank” or its attorneys.

Full story of HBGary and hacking, from threatpost.